Security / October 22, 2020

Prioritizing Healthcare Security: Navigating the Impacts of COVID-19

Now, maybe more than ever, the need for secure healthcare networks is a top-of-mind issue for patients, providers, insurers and regulators alike. In 2019, the healthcare security statistics were already alarming, with 41 million patient records breached in 572 reported incidents at an average cost of $1.8 million per breach [1]. These statistics are hardly surprising with healthcare records selling for an average of $45 on the dark web [2].

The year 2020 compounded these issues as COVID-19 exposed the true vulnerability of the healthcare infrastructure. Organizations not only had to deal with the medical and financial impacts of the pandemic, but also with the security risks inherent in the work-from-home (WFH) model and the increasingly sophisticated attacks of cybercriminals intent on exploiting these vulnerabilities. In this blog, we’ll explore some of these growing threats.

Work from Home Means an Expanded Attack Surface

Cybercriminals and other bad actors were quick to exploit the COVID-19 pandemic with, for example, phishing attacks. These exploited the fears of healthcare consumers and healthcare workers who, in the early days of WFH, were often accessing corporate networks on unsecured mobile phones and personal computers from their home networks.

This led to a variety of security issues: for example, Mirai botnet–type attacks that exploited WFH practices to infect healthcare organizations’ networks, or dropper-based attacks that loaded malware to steal users’ credentials and ultimately led to ransomware attacks. While these attacks continue, most healthcare organizations have taken the measures necessary to secure their networks and their patients’ and organizations’ data.

Endpoint Security Is Not Enough

Although most organizations have now provided WFH employees with secure computers using endpoint detection and response (EDR) solutions or mandated the use of virtual private networks (VPNs), this does not fully solve the security problem.

These solutions may protect the user and network from future attacks, but if network infiltration has already occurred, threats in the form of advanced persistent threats (APTs) may be lying dormant for weeks, months or maybe even years, on an apparently secure network. To respond to these threats, a network detection and response (NDR) capability is required. This capability looks for activity or patterns of behavior from users or network servers that indicate attacks may be in progress, may have taken place or may be developing.

Ideally, EDR and NDR should be integrated and used together to provide end-to-end network visibility and security.

Be Wary of State-Sponsored Attacks

Beyond threats from financially motivated cybercriminals looms the threat from highly sophisticated and well-resourced state-sponsored attackers. As widely reported in the media, there has been a spike in state-sponsored security attacks on lab and research facilities working on COVID-19 treatments. For example, the Wall Street Journal [3] cited U.S. officials as suggesting that Chinese and Iranian hackers are targeting universities and pharmaceutical and other healthcare firms that are working to find a vaccine for COVID-19, in an attempt to disrupt this research and slow its development.

In addition to direct attacks on research institutions, software vendors that develop the tools used by these institutions are also at risk. Security is becoming a “supply chain” issue that touches not only all of the network users and assets, but also all the precursors to these assets, including the network carriers and software vendors on which network users rely.

The Rise of the Machines

In parallel with these issues, healthcare organizations must find new, more cost-effective ways to deliver high-quality healthcare to their increasingly tech-savvy consumers, and the use of Internet of Medical Things (IoMT) devices is critical to this process. IoMT devices, ranging from simple telehealth and remote patient monitoring to surgical robots and augmented reality technologies, can reduce operating costs and increase the quality of patient care.

COVID-19 has accelerated the adoption of IoMT technology, a process that will further accelerate with the availability of 5G networks over the coming one to three years. Many of the simpler IoMT devices don’t support traditional security models, so their adoption poses significant new threats unless healthcare institutions act to enhance security by, for example, ensuring that their network detection and response tools are ready for this challenge.

Who Can You Trust?

In a word, nobody. In a world where healthcare consumers and the workforce want or need to operate on an “access anywhere, anytime” model, adopting what’s called a Zero Trust security architecture not only makes sense, it is close to an imperative for healthcare organizations.

At the simplest level, Zero Trust means that, because the network is under constant attack from a huge array of external and internal threats, all users, devices, applications and resources on the network must be treated as being hostile. These users and devices need to be rigorously and continuously authenticated, while patient, research and other data and network assets need to be protected at a much more granular level than traditional perimeter-based security models allow.

The Big Picture

Taken together, these factors clearly indicate that healthcare security is, and will remain, a top priority for years to come as healthcare organizations navigate the medium and long-term impacts of COVID-19 and the rapidly changing nature of healthcare delivery. Gigamon is a trusted partner of over 600 of the leading healthcare providers and insurers, as well as life-sciences and pharmaceutical companies worldwide. We provide the network visibility and analytics capabilities on which effective security is built.


  1. 2020 Breach Barometer. Protenus. 2020.
  2. 2019 Trustwave Global Security Report. Trustwave. April 25, 2019.
  3. Gordon Lubold and Dustin Volz. “U.S. Says Chinese, Iranian Hackers Seek to Steal Coronavirus Research.” Wall Street Journal. May 14, 2020.
